Blog

HULK DDoS Tool Smash Web Server, Server Fall Down | threatpost

For the aspiring attacker or pen tester, there is no shortage of attack tools, scripts, crimeware kits and exploits available online. But, the Internet being what it is, there’s always room for one more. Enter HULK, a new DDoS tool that arrives just in time to coincide with the release of some movie involving the actual Hulk and other CGI-ified mediocre-heroes.

The HULK (HTTP Unbearable Load King) DDoS tool is somewhat different from others of its ilk in that it doesn’t simply hammer a server with a massive load of TCP SYN requests or other predictable packets. Instead, HULK generates numerous unique requests designed to prevent server defenses from recognizing a pattern and filtering the attack traffic. The HULK DDoS tool is the work of Barry Shteiman, a security pro who developed it out of frustration with the obvious patterns produced by other such tools.

“For a while now, I have been playing with some of the more exotic tools, finding that their main problem is always the same… they create repeatable patterns. too easy to predict the next request that is coming, and therefor mitigate. Some, although elegant, lack the horsepower to really put a system on its knees,” he wrote in his notes on HULK.